Featured in Development

As part of our core values of sharing knowledge, the InfoQ editors were keen to capture and share our book and article recommendations for 2018, so that others can benefit from this too. In this second part we are sharing the final batch of recommendations.

Featured in Architecture & Design

Tanya Reilly discusses her research into how the fire code evolved in New York and draws on some of the parallels she sees in software. Along the way, she discusses what it means to be an SRE, what effective aspects of the role might look like, and her opinions on what we as an industry should be doing to prevent disasters.

Featured in Culture & Methods

Mik Kersten has published a book, Project to Product, in which he describes a framework for delivering products in the age of software. Drawing on research and experience with many organisations across a wide range of industries, he presents the Flow Framework™ as a way for organisations to adapt their product delivery to the speed of the market.

Featured in DevOps

The fact that machine learning development focuses on hyperparameter tuning and data pipelines does not mean that we need to reinvent the wheel or look for a completely new way. According to Thiago de Faria, DevOps lays a strong foundation: culture change to support experimentation, continuous evaluation, sharing, abstraction layers, observability, and working in products and services.

News

HashiCorp has released version 1.0 of Vault, its secrets management tool. This release open-sources the auto-unseal feature, which is needed to continue using a Vault server after a failure or a restart. In this version, a new type of token called batch is now available for ephemeral workloads. Another new feature is that service account tokens are now supported in Kubernetes auth to inject tokens into a pod.

AI helps us to build human interfaces based on speaking and writing, instead of using a keyboard or mouse; it allows humans to stay human. The biggest challenges are finding ways to tell systems what answers are unsatisfactory to help them learn, being transparent about what data is recorded and retained, and ensuring that diversity and inclusion are part of our training data to prevent bias in AI systems.

Researchers have devised a new kind of timing attack to steal information from a different process running on the same core with SMT/hyper-threading enabled. By carefully measuring port contention delays when sending instructions to a shared core, the researchers could recover a private key from a different process. Intel CPUs are probably not the only ones affected.

British Airways reports two substantial data breaches this year, initially reporting in September the compromise of 244,000 credit card transactions in August and September, and further disclosing in October another 185,000 transactions from April through July.

Google announced two new Cloud Identity and Access Management (IAM) features to help customers better manage their security and access control in Google Compute Engine. These features are resource-level IAM, to set policies on individual resources, and IAM conditions, to grant access based on predefined conditions.

Mesa CI is a continuous integration system at Intel for running builds and compliance test suites for the Mesa graphics library. It runs across more than 200 systems and runs tens of millions of tests per day.

Security researchers from MIT claim to have devised a hardware solution to prevent cache timing attacks based on speculative execution, such as Spectre and Meltdown. Their approach, named Dynamically Allocated Way Guard (DAWG), splits the processor cache into variably-sized partitions to make it impossible for processes to snoop on other processes’ cache partitions.

At GitHub Universe in San Francisco, GitHub announced a number of new tools to help developers make their workflows more effective, including Actions, Suggested Changes, Security Alerts for .NET and Java, and more.

The Git community has disclosed a security vulnerability affecting the clone and submodule commands that could enable remote code execution when vulnerable machines access malicious repositories. The vulnerability, which has been assigned CVE-2018-17456 by Mitre, has been fixed in Git 2.19.1.

Centralized identity providers, such as social media sites and consumer email services, provide convenience to users. But this approach creates data privacy and security risks. Hyperledger Indy, an open source blockchain project, is being built to address the current issues that exist in centralized identity providers by taking a 'Privacy by Design' approach to deal with these risks.

With the immutable storage feature, blobs will be non-erasable and non-modifiable for a specific retention interval. Microsoft has now announced that this new feature is generally available in all public Azure regions, after being in preview since June of this year.

In a recent blog post, the Hyperledger open source project announced the next version of Burrow, v.0.21.0. Within this release, organizations can expect improved integration, key-signing, Helm charts for Kubernetes and developer experience.

Compliance is about making sure that you are doing the right thing and being able to prove it. With agile and frequent deliveries, you need to build compliance into the process of delivery. Making compliance obligations part of what DevOps teams own increases the likelihood of success.